What Is RFID Skimming?

Security breaches are increasingly affecting organizations across various domains as they heavily rely on technologies to reduce the operational costs and improve the work efficiency.

The United States is the world leader in data breach incidents. According to a report shared by the Identity Theft Resource Center in 2017, the security breach incidents in the U.S. hit a new record of 1579 breaches, exposing more than 171 million organizational and customer records. Moreover, the International Data Corporation estimates that by the year 2020, over 25 percent of the world’s population will be affected by data breaches and cyber crimes owing to mankind’s growing dependence on the latest technological advancements.

What is Radio Frequency Identification (RFID) technology?

The Radio Frequency Identification (RFID) technology uses the radio-frequency magnetic fields to identify and track people, vehicles, and assets that carry RFID tags without the need for a direct contact.

Owing to its cost-effectiveness, the speed of operation, and the ease of use, this pervasive technology has replaced several obsolete technologies such as barcodes and magnetic swipe cards. Consequently, the RFID technology is being used in the supply chain management, the retail, the automated payment systems, the airline baggage management, the toll and parking systems, and the prescription management systems in healthcare. However, organizations need to be aware of and address a few security and privacy risks when adopting RFID.

Like most technologies and networks, RFID systems are also vulnerable to physical and electronic attacks, namely reverse engineering, power analysis, eavesdropping, sniffing, denial of service, cloning, spoofing, and viruses. As this technology matures and finds numerous applications, hackers will continue to seek novel methods in order to access private information, infiltrate secure networks, and take the system down for their own gains.

RFID tags can receive and respond to a variety of signals, increasing the risk of unauthorized access and modification of the data on the tag. In other words, any unlawful individual who has an RFID card reader can interrogate tags and access its contents.

How is RFID technology being used by malicious actors?

A new breed of digital pickpocketers armed with RFID card readers can pick up details of credit and debit cards in a matter of seconds. Similarly, attacks on POS (point of sales) systems can cause large-scale security breaches. For instance, in December 2013, hackers gained access to the RFID-enabled POS system of Target Stores, a US-based retail giant, by installing card readers to track the card details of more than 40 million customers.

This technology is becoming increasingly relevant to businesses. Consequently, it is crucial for organizations to mitigate future security attacks by employing encryption methods, chip coatings, and signal-blocking and authentication methods. For instance, wrapping the RFID-enabled card in a metal foil or investing in RFID blocking wallets, passport pouches, and sleeves can block unauthorized RFID-card readers from accessing private data, preserving your organization’s authenticity, integrity, and confidentiality.

The infographic below is a handy guide towards understanding RFID skimming and data theft. It will help you understand how hackers can misuse the RFID technology to gain access to your confidential data, increasing the risk of identity thefts and frauds. Moreover, you will also find practical tips on how you can protect your organization and employees from these malicious attacks.